{ "description": "Schema defines the CRD for a Redpanda schema.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "Defines the desired state of the Redpanda schema.", "properties": { "cluster": { "description": "ClusterSource is a reference to the cluster hosting the schema registry.\nIt is used in constructing the client created to configure a cluster.", "properties": { "clusterRef": { "description": "ClusterRef is a reference to the cluster where the object should be created.\nIt is used in constructing the client created to configure a cluster.\nThis takes precedence over StaticConfigurationSource.", "properties": { "name": { "description": "Name specifies the name of the cluster being referenced.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "staticConfiguration": { "description": "StaticConfiguration holds connection parameters to Kafka and Admin APIs.", "properties": { "admin": { "description": "AdminAPISpec is the configuration information for communicating with the Admin\nAPI of a Redpanda cluster where the object should be created.", "properties": { "sasl": { "description": "Defines authentication configuration settings for Redpanda clusters that have authentication enabled.", "properties": { "mechanism": { "description": "Specifies the SASL/SCRAM authentication mechanism.", "type": "string" }, "passwordSecretRef": { "description": "Specifies the password.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "token": { "description": "Specifies token for token-based authentication (only used if no username/password are provided).", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "username": { "description": "Specifies the username.", "type": "string" } }, "required": [ "mechanism" ], "type": "object", "additionalProperties": false }, "tls": { "description": "Defines TLS configuration settings for Redpanda clusters that have TLS enabled.", "properties": { "caCertSecretRef": { "description": "CaCert is the reference for certificate authority used to establish TLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "certSecretRef": { "description": "Cert is the reference for client public certificate to establish mTLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "insecureSkipTlsVerify": { "description": "InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda", "type": "boolean" }, "keySecretRef": { "description": "Key is the reference for client private certificate to establish mTLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "urls": { "description": "Specifies a list of broker addresses in the format :", "items": { "type": "string" }, "type": "array" } }, "required": [ "urls" ], "type": "object", "additionalProperties": false }, "kafka": { "description": "Kafka is the configuration information for communicating with the Kafka\nAPI of a Redpanda cluster where the object should be created.", "properties": { "brokers": { "description": "Specifies a list of broker addresses in the format :", "items": { "type": "string" }, "type": "array" }, "sasl": { "description": "Defines authentication configuration settings for Redpanda clusters that have authentication enabled.", "properties": { "awsMskIam": { "description": "KafkaSASLAWSMskIam is the config for AWS IAM SASL mechanism,\nsee: https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html", "properties": { "accessKey": { "type": "string" }, "secretKeySecretRef": { "description": "SecretKeyRef contains enough information to inspect or modify the referred Secret data\nSee https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "sessionTokenSecretRef": { "description": "SessionToken, if non-empty, is a session / security token to use for authentication.\nSee: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "userAgent": { "description": "UserAgent is the user agent to for the client to use when connecting\nto Kafka, overriding the default \"franz-go//\".\n\nSetting a UserAgent allows authorizing based on the aws:UserAgent\ncondition key; see the following link for more details:\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-useragent", "type": "string" } }, "required": [ "accessKey", "secretKeySecretRef", "sessionTokenSecretRef", "userAgent" ], "type": "object", "additionalProperties": false }, "gssapi": { "description": "KafkaSASLGSSAPI represents the Kafka Kerberos config.", "properties": { "authType": { "type": "string" }, "enableFast": { "description": "EnableFAST enables FAST, which is a pre-authentication framework for Kerberos.\nIt includes a mechanism for tunneling pre-authentication exchanges using armored KDC messages.\nFAST provides increased resistance to passive password guessing attacks.", "type": "boolean" }, "kerberosConfigPath": { "type": "string" }, "keyTabPath": { "type": "string" }, "passwordSecretRef": { "description": "SecretKeyRef contains enough information to inspect or modify the referred Secret data\nSee https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "realm": { "type": "string" }, "serviceName": { "type": "string" }, "username": { "type": "string" } }, "required": [ "authType", "enableFast", "kerberosConfigPath", "keyTabPath", "passwordSecretRef", "realm", "serviceName", "username" ], "type": "object", "additionalProperties": false }, "mechanism": { "description": "Specifies the SASL/SCRAM authentication mechanism.", "type": "string" }, "oauth": { "description": "KafkaSASLOAuthBearer is the config struct for the SASL OAuthBearer mechanism", "properties": { "tokenSecretRef": { "description": "SecretKeyRef contains enough information to inspect or modify the referred Secret data\nSee https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "required": [ "tokenSecretRef" ], "type": "object", "additionalProperties": false }, "passwordSecretRef": { "description": "Specifies the password.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "username": { "description": "Specifies the username.", "type": "string" } }, "required": [ "mechanism" ], "type": "object", "additionalProperties": false }, "tls": { "description": "Defines TLS configuration settings for Redpanda clusters that have TLS enabled.", "properties": { "caCertSecretRef": { "description": "CaCert is the reference for certificate authority used to establish TLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "certSecretRef": { "description": "Cert is the reference for client public certificate to establish mTLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "insecureSkipTlsVerify": { "description": "InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda", "type": "boolean" }, "keySecretRef": { "description": "Key is the reference for client private certificate to establish mTLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "brokers" ], "type": "object", "additionalProperties": false }, "schemaRegistry": { "description": "SchemaRegistry is the configuration information for communicating with the Schema Registry\nAPI of a Redpanda cluster where the object should be created.", "properties": { "sasl": { "description": "Defines authentication configuration settings for Redpanda clusters that have authentication enabled.", "properties": { "mechanism": { "description": "Specifies the SASL/SCRAM authentication mechanism.", "type": "string" }, "passwordSecretRef": { "description": "Specifies the password.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "token": { "description": "SecretKeyRef contains enough information to inspect or modify the referred Secret data\nSee https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference.", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "username": { "description": "Specifies the username.", "type": "string" } }, "required": [ "mechanism" ], "type": "object", "additionalProperties": false }, "tls": { "description": "Defines TLS configuration settings for Redpanda clusters that have TLS enabled.", "properties": { "caCertSecretRef": { "description": "CaCert is the reference for certificate authority used to establish TLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "certSecretRef": { "description": "Cert is the reference for client public certificate to establish mTLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "insecureSkipTlsVerify": { "description": "InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda", "type": "boolean" }, "keySecretRef": { "description": "Key is the reference for client private certificate to establish mTLS connection to Redpanda", "properties": { "key": { "description": "Key in Secret data to get value from", "type": "string" }, "name": { "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "urls": { "description": "Specifies a list of broker addresses in the format :", "items": { "type": "string" }, "type": "array" } }, "required": [ "urls" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "x-kubernetes-validations": [ { "message": "spec.cluster.staticConfiguration.schemaRegistry: required value", "rule": "!has(self.staticConfiguration) || has(self.staticConfiguration.schemaRegistry)" }, { "message": "either clusterRef or staticConfiguration must be set", "rule": "has(self.clusterRef) || has(self.staticConfiguration)" }, { "message": "ClusterSource is immutable", "rule": "self == oldSelf" } ], "additionalProperties": false }, "compatibilityLevel": { "default": "Backward", "description": "CompatibilityLevel sets the compatibility level for the given schema", "enum": [ "None", "Backward", "BackwardTransitive", "Forward", "ForwardTransitive", "Full", "FullTransitive" ], "type": "string" }, "references": { "description": "References declares other schemas this schema references. See the\ndocs on SchemaReference for more details.", "items": { "description": "SchemaReference is a way for a one schema to reference another. The\ndetails for how referencing is done are type specific; for example,\nJSON objects that use the key \"$ref\" can refer to another schema via\nURL.", "properties": { "name": { "type": "string" }, "subject": { "type": "string" }, "version": { "type": "integer" } }, "required": [ "name", "subject", "version" ], "type": "object", "additionalProperties": false }, "type": "array" }, "schemaType": { "default": "avro", "description": "Type is the type of a schema. The default type is avro.", "enum": [ "avro", "protobuf", "json" ], "type": "string" }, "text": { "description": "Text is the actual unescaped text of a schema.", "type": "string" } }, "required": [ "cluster", "text" ], "type": "object", "additionalProperties": false }, "status": { "default": { "conditions": [ { "lastTransitionTime": "1970-01-01T00:00:00Z", "message": "Waiting for controller", "reason": "Pending", "status": "Unknown", "type": "Synced" } ] }, "description": "Represents the current status of the Redpanda schema.", "properties": { "conditions": { "description": "Conditions holds the conditions for the Redpanda schema.", "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "observedGeneration": { "description": "Specifies the last observed generation.", "format": "int64", "type": "integer" }, "schemaHash": { "description": "SchemaHash is the hashed value of the schema synced to the cluster", "type": "string" }, "versions": { "description": "Versions shows the versions of a given schema", "items": { "type": "integer" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }